Posted by samzenpus on Friday July 06, 2012 @03:13AM from the work-together dept.

wiredmikey writes "Security startup CrowdStrike has launched CrowdRE, a free platform that allows security researchers and analysts to collaborate on malware reverse engineering. CrowdRE is adapting the collaborative model common in the developer world to make it possible to reverse engineer malicious code more quickly and efficiently. Collaborative reverse engineering can take two approaches, where all the analysts are working at the same time and sharing all the information instantly, or in a distributed manner, where different people work on different sections and share the results. This means multiple people can work on different parts simultaneously and the results can be combined to gain a full picture of the malware. Google is planning to add CrowdRE integration to BinNavi, a graph-based reverse engineering tool for malware analysis, and the plan is to integrate with other similar tools. Linux and Mac OS support is expected soon, as well."

That's one of the things I'm wary of in this context: You might piss someone off with more money and firepower than $deity when you pluck apart his precious and expensive weapon to fight terrorism (or is that bogeyman outdated by now and we have another strawman to justify spying on otherwise innocent citizens? I didn't keep up to date).

The other is that malware isn't the only thing you can reverse engineer, and that some companies might not be very interested in seeing their latest DRM junk being debunked in seconds.

That's one of the things I'm wary of in this context: You might piss someone off with more money and firepower than $deity when you pluck apart his precious and expensive weapon to fight terrorism (or is that bogeyman outdated by now and we have another strawman to justify spying on otherwise innocent citizens? I didn't keep up to date).

I imagine that there isn't an entirely zero chance of earning yourself a dose of succulent Polonium for your tea; but I wouldn't be too concerned. If $SINISTER_INTELLIGENCE_AGENCY has cooked up some malware, and that malware has been tactless enough to get to the point of being reverse engineered in public (as opposed to being unnoticed, or covertly picked apart by the enemy $SINISTER_INTELLIGENCE_AGENCY), that malware is already too high profile for their liking. At that point, the options are (1): Start developing something else, do your best to suggest that your previous work was probably just Ukrainian bot-herders or (2): Risk drawing even more attention to yourself by seeing to it that some security researchers mysteriously cut several vital arteries while shaving.

(2): Risk drawing even more attention to yourself by seeing to it that some security researchers mysteriously cut several vital arteries while shaving.

Especially when said security researchers are all working as part of a big platform reverse engineering malware. (As opposed to the reverse engineering being the work of a few anonymous unknown genius students working in their university dorms. In that case, it would be much easier to shift the poisoning blame to the druggie standing in as the current fuck friend of the genius).

Notoriety and public visibility are a good deterrent against trying to make inconvenient persons disappear.

*slow clap* It was unexpected to see so many detractors here, especially considering that it is Slashdot. Sharing of insight is ALWAYS better than a few isolated teams trying to tackle something like this. Sure, some people will learn new techniques, but since they will be well known at that point, they will be well combated. If people actually use it, this should help close the gaping security flaws plaguing us at a much faster pace.

It was unexpected to see so many detractors here, especially considering that it is Slashdot. Sharing of insight is ALWAYS better...

I'd suspect that, to understand this discussion, you should always keep Poe's Law (q.v.) in mind. The default assumption here should be that we're all including a good dose of verbal irony in our comments. Yes, even those of us who have no idea what "irony" even means.

In particular, any suggestion here that it's best that we not learn how "malware" works should be read as a parody of the way that legislative and management minds work.

This is just part of CrowdStrike's branding strategy. This will be an educational and recruiting site but I seriously doubt the work posted will be keeping anyone's networks any safer.

Consider:

1) If you are a network security firm and have the resources on staff to reverse engineer malware, why would you allow them to contribute at a competitor's site? Do you think that CrowdStrike is going to be giving away IP for free? I think not. They aren't going to share any goodies until they've milked them for all they're worth.

AV companies share this information all the time, albeit in a more static manner. Why? Because AV has been commoditized, and all major AV companies sell their product based on what ELSE they bring to the table. Plus, there's more than enough malware to go around. This will just solve the difficult problems, which is a benefit to everyone, while leaving the sheer volume of simpler stuff for the individual companies to tackle in their own way.